]>
Commit | Line | Data |
---|---|---|
400c40cf SM |
1 | /* |
2 | * algif_aead: User-space interface for AEAD algorithms | |
3 | * | |
4 | * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de> | |
5 | * | |
6 | * This file provides the user-space API for AEAD ciphers. | |
7 | * | |
400c40cf SM |
8 | * This program is free software; you can redistribute it and/or modify it |
9 | * under the terms of the GNU General Public License as published by the Free | |
10 | * Software Foundation; either version 2 of the License, or (at your option) | |
11 | * any later version. | |
d887c52d SM |
12 | * |
13 | * The following concept of the memory management is used: | |
14 | * | |
15 | * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is | |
16 | * filled by user space with the data submitted via sendpage/sendmsg. Filling | |
17 | * up the TX SGL does not cause a crypto operation -- the data will only be | |
18 | * tracked by the kernel. Upon receipt of one recvmsg call, the caller must | |
19 | * provide a buffer which is tracked with the RX SGL. | |
20 | * | |
21 | * During the processing of the recvmsg operation, the cipher request is | |
22 | * allocated and prepared. As part of the recvmsg operation, the processed | |
23 | * TX buffers are extracted from the TX SGL into a separate SGL. | |
24 | * | |
25 | * After the completion of the crypto operation, the RX SGL and the cipher | |
26 | * request is released. The extracted TX SGL parts are released together with | |
27 | * the RX SGL release. | |
400c40cf SM |
28 | */ |
29 | ||
83094e5e | 30 | #include <crypto/internal/aead.h> |
400c40cf SM |
31 | #include <crypto/scatterwalk.h> |
32 | #include <crypto/if_alg.h> | |
72548b09 SM |
33 | #include <crypto/skcipher.h> |
34 | #include <crypto/null.h> | |
400c40cf SM |
35 | #include <linux/init.h> |
36 | #include <linux/list.h> | |
37 | #include <linux/kernel.h> | |
38 | #include <linux/mm.h> | |
39 | #include <linux/module.h> | |
40 | #include <linux/net.h> | |
41 | #include <net/sock.h> | |
42 | ||
2a2a251f SM |
43 | struct aead_tfm { |
44 | struct crypto_aead *aead; | |
45 | bool has_key; | |
72548b09 | 46 | struct crypto_skcipher *null_tfm; |
2a2a251f SM |
47 | }; |
48 | ||
d887c52d SM |
49 | static inline bool aead_sufficient_data(struct sock *sk) |
50 | { | |
51 | struct alg_sock *ask = alg_sk(sk); | |
52 | struct sock *psk = ask->parent; | |
53 | struct alg_sock *pask = alg_sk(psk); | |
2d97591e | 54 | struct af_alg_ctx *ctx = ask->private; |
d887c52d SM |
55 | struct aead_tfm *aeadc = pask->private; |
56 | struct crypto_aead *tfm = aeadc->aead; | |
57 | unsigned int as = crypto_aead_authsize(tfm); | |
400c40cf | 58 | |
0c1e16cd SM |
59 | /* |
60 | * The minimum amount of memory needed for an AEAD cipher is | |
61 | * the AAD and in case of decryption the tag. | |
62 | */ | |
63 | return ctx->used >= ctx->aead_assoclen + (ctx->enc ? 0 : as); | |
400c40cf SM |
64 | } |
65 | ||
eccd02f3 | 66 | static int aead_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) |
400c40cf SM |
67 | { |
68 | struct sock *sk = sock->sk; | |
69 | struct alg_sock *ask = alg_sk(sk); | |
d887c52d SM |
70 | struct sock *psk = ask->parent; |
71 | struct alg_sock *pask = alg_sk(psk); | |
d887c52d SM |
72 | struct aead_tfm *aeadc = pask->private; |
73 | struct crypto_aead *tfm = aeadc->aead; | |
74 | unsigned int ivsize = crypto_aead_ivsize(tfm); | |
400c40cf | 75 | |
2d97591e | 76 | return af_alg_sendmsg(sock, msg, size, ivsize); |
83094e5e TS |
77 | } |
78 | ||
72548b09 SM |
79 | static int crypto_aead_copy_sgl(struct crypto_skcipher *null_tfm, |
80 | struct scatterlist *src, | |
81 | struct scatterlist *dst, unsigned int len) | |
82 | { | |
83 | SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm); | |
84 | ||
85 | skcipher_request_set_tfm(skreq, null_tfm); | |
86 | skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
87 | NULL, NULL); | |
88 | skcipher_request_set_crypt(skreq, src, dst, len, NULL); | |
89 | ||
90 | return crypto_skcipher_encrypt(skreq); | |
91 | } | |
92 | ||
d887c52d SM |
93 | static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, |
94 | size_t ignored, int flags) | |
400c40cf SM |
95 | { |
96 | struct sock *sk = sock->sk; | |
97 | struct alg_sock *ask = alg_sk(sk); | |
d887c52d SM |
98 | struct sock *psk = ask->parent; |
99 | struct alg_sock *pask = alg_sk(psk); | |
2d97591e | 100 | struct af_alg_ctx *ctx = ask->private; |
d887c52d SM |
101 | struct aead_tfm *aeadc = pask->private; |
102 | struct crypto_aead *tfm = aeadc->aead; | |
72548b09 | 103 | struct crypto_skcipher *null_tfm = aeadc->null_tfm; |
8e1fa89a | 104 | unsigned int i, as = crypto_aead_authsize(tfm); |
2d97591e | 105 | struct af_alg_async_req *areq; |
8e1fa89a SM |
106 | struct af_alg_tsgl *tsgl, *tmp; |
107 | struct scatterlist *rsgl_src, *tsgl_src = NULL; | |
d887c52d SM |
108 | int err = 0; |
109 | size_t used = 0; /* [in] TX bufs to be en/decrypted */ | |
110 | size_t outlen = 0; /* [out] RX bufs produced by kernel */ | |
111 | size_t usedpages = 0; /* [in] RX bufs to be used from user */ | |
112 | size_t processed = 0; /* [in] TX bufs to be consumed */ | |
400c40cf SM |
113 | |
114 | /* | |
d887c52d SM |
115 | * Data length provided by caller via sendmsg/sendpage that has not |
116 | * yet been processed. | |
400c40cf | 117 | */ |
400c40cf SM |
118 | used = ctx->used; |
119 | ||
120 | /* | |
121 | * Make sure sufficient data is present -- note, the same check is | |
122 | * is also present in sendmsg/sendpage. The checks in sendpage/sendmsg | |
123 | * shall provide an information to the data sender that something is | |
124 | * wrong, but they are irrelevant to maintain the kernel integrity. | |
125 | * We need this check here too in case user space decides to not honor | |
126 | * the error message in sendmsg/sendpage and still call recvmsg. This | |
127 | * check here protects the kernel integrity. | |
128 | */ | |
d887c52d SM |
129 | if (!aead_sufficient_data(sk)) |
130 | return -EINVAL; | |
400c40cf | 131 | |
0c1e16cd SM |
132 | /* |
133 | * Calculate the minimum output buffer size holding the result of the | |
134 | * cipher operation. When encrypting data, the receiving buffer is | |
135 | * larger by the tag length compared to the input buffer as the | |
136 | * encryption operation generates the tag. For decryption, the input | |
137 | * buffer provides the tag which is consumed resulting in only the | |
138 | * plaintext without a buffer for the tag returned to the caller. | |
139 | */ | |
140 | if (ctx->enc) | |
141 | outlen = used + as; | |
142 | else | |
143 | outlen = used - as; | |
19fa7752 | 144 | |
400c40cf SM |
145 | /* |
146 | * The cipher operation input data is reduced by the associated data | |
147 | * length as this data is processed separately later on. | |
148 | */ | |
0c1e16cd | 149 | used -= ctx->aead_assoclen; |
400c40cf | 150 | |
d887c52d | 151 | /* Allocate cipher request for current operation. */ |
2d97591e SM |
152 | areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + |
153 | crypto_aead_reqsize(tfm)); | |
154 | if (IS_ERR(areq)) | |
155 | return PTR_ERR(areq); | |
d887c52d SM |
156 | |
157 | /* convert iovecs of output buffers into RX SGL */ | |
2d97591e SM |
158 | err = af_alg_get_rsgl(sk, msg, flags, areq, outlen, &usedpages); |
159 | if (err) | |
160 | goto free; | |
400c40cf | 161 | |
d887c52d SM |
162 | /* |
163 | * Ensure output buffer is sufficiently large. If the caller provides | |
164 | * less buffer space, only use the relative required input size. This | |
165 | * allows AIO operation where the caller sent all data to be processed | |
166 | * and the AIO operation performs the operation on the different chunks | |
167 | * of the input data. | |
168 | */ | |
0c1e16cd | 169 | if (usedpages < outlen) { |
d887c52d | 170 | size_t less = outlen - usedpages; |
400c40cf | 171 | |
d887c52d SM |
172 | if (used < less) { |
173 | err = -EINVAL; | |
174 | goto free; | |
175 | } | |
176 | used -= less; | |
177 | outlen -= less; | |
178 | } | |
400c40cf | 179 | |
72548b09 | 180 | processed = used + ctx->aead_assoclen; |
8e1fa89a SM |
181 | list_for_each_entry_safe(tsgl, tmp, &ctx->tsgl_list, list) { |
182 | for (i = 0; i < tsgl->cur; i++) { | |
183 | struct scatterlist *process_sg = tsgl->sg + i; | |
184 | ||
185 | if (!(process_sg->length) || !sg_page(process_sg)) | |
186 | continue; | |
187 | tsgl_src = process_sg; | |
188 | break; | |
189 | } | |
190 | if (tsgl_src) | |
191 | break; | |
192 | } | |
193 | if (processed && !tsgl_src) { | |
194 | err = -EFAULT; | |
195 | goto free; | |
196 | } | |
72548b09 | 197 | |
d887c52d | 198 | /* |
72548b09 SM |
199 | * Copy of AAD from source to destination |
200 | * | |
201 | * The AAD is copied to the destination buffer without change. Even | |
202 | * when user space uses an in-place cipher operation, the kernel | |
203 | * will copy the data as it does not see whether such in-place operation | |
204 | * is initiated. | |
205 | * | |
206 | * To ensure efficiency, the following implementation ensure that the | |
207 | * ciphers are invoked to perform a crypto operation in-place. This | |
208 | * is achieved by memory management specified as follows. | |
d887c52d | 209 | */ |
72548b09 SM |
210 | |
211 | /* Use the RX SGL as source (and destination) for crypto op. */ | |
8e1fa89a | 212 | rsgl_src = areq->first_rsgl.sgl.sg; |
72548b09 SM |
213 | |
214 | if (ctx->enc) { | |
215 | /* | |
216 | * Encryption operation - The in-place cipher operation is | |
217 | * achieved by the following operation: | |
218 | * | |
75d11e75 | 219 | * TX SGL: AAD || PT |
72548b09 SM |
220 | * | | |
221 | * | copy | | |
222 | * v v | |
75d11e75 | 223 | * RX SGL: AAD || PT || Tag |
72548b09 | 224 | */ |
8e1fa89a | 225 | err = crypto_aead_copy_sgl(null_tfm, tsgl_src, |
72548b09 SM |
226 | areq->first_rsgl.sgl.sg, processed); |
227 | if (err) | |
228 | goto free; | |
2d97591e | 229 | af_alg_pull_tsgl(sk, processed, NULL, 0); |
72548b09 SM |
230 | } else { |
231 | /* | |
232 | * Decryption operation - To achieve an in-place cipher | |
233 | * operation, the following SGL structure is used: | |
234 | * | |
235 | * TX SGL: AAD || CT || Tag | |
236 | * | | ^ | |
237 | * | copy | | Create SGL link. | |
238 | * v v | | |
239 | * RX SGL: AAD || CT ----+ | |
240 | */ | |
241 | ||
242 | /* Copy AAD || CT to RX SGL buffer for in-place operation. */ | |
8e1fa89a | 243 | err = crypto_aead_copy_sgl(null_tfm, tsgl_src, |
72548b09 SM |
244 | areq->first_rsgl.sgl.sg, outlen); |
245 | if (err) | |
246 | goto free; | |
247 | ||
248 | /* Create TX SGL for tag and chain it to RX SGL. */ | |
2d97591e SM |
249 | areq->tsgl_entries = af_alg_count_tsgl(sk, processed, |
250 | processed - as); | |
72548b09 SM |
251 | if (!areq->tsgl_entries) |
252 | areq->tsgl_entries = 1; | |
253 | areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * | |
254 | areq->tsgl_entries, | |
255 | GFP_KERNEL); | |
256 | if (!areq->tsgl) { | |
257 | err = -ENOMEM; | |
258 | goto free; | |
259 | } | |
260 | sg_init_table(areq->tsgl, areq->tsgl_entries); | |
261 | ||
262 | /* Release TX SGL, except for tag data and reassign tag data. */ | |
2d97591e | 263 | af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as); |
72548b09 SM |
264 | |
265 | /* chain the areq TX SGL holding the tag with RX SGL */ | |
2d97591e | 266 | if (usedpages) { |
72548b09 | 267 | /* RX SGL present */ |
2d97591e | 268 | struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl; |
72548b09 SM |
269 | |
270 | sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1); | |
271 | sg_chain(sgl_prev->sg, sgl_prev->npages + 1, | |
272 | areq->tsgl); | |
273 | } else | |
274 | /* no RX SGL present (e.g. authentication only) */ | |
8e1fa89a | 275 | rsgl_src = areq->tsgl; |
d887c52d | 276 | } |
d887c52d SM |
277 | |
278 | /* Initialize the crypto operation */ | |
8e1fa89a | 279 | aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src, |
d887c52d | 280 | areq->first_rsgl.sgl.sg, used, ctx->iv); |
2d97591e SM |
281 | aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); |
282 | aead_request_set_tfm(&areq->cra_u.aead_req, tfm); | |
d887c52d SM |
283 | |
284 | if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { | |
285 | /* AIO operation */ | |
286 | areq->iocb = msg->msg_iocb; | |
2d97591e | 287 | aead_request_set_callback(&areq->cra_u.aead_req, |
d887c52d | 288 | CRYPTO_TFM_REQ_MAY_BACKLOG, |
2d97591e SM |
289 | af_alg_async_cb, areq); |
290 | err = ctx->enc ? crypto_aead_encrypt(&areq->cra_u.aead_req) : | |
291 | crypto_aead_decrypt(&areq->cra_u.aead_req); | |
d887c52d SM |
292 | } else { |
293 | /* Synchronous operation */ | |
2d97591e | 294 | aead_request_set_callback(&areq->cra_u.aead_req, |
d887c52d | 295 | CRYPTO_TFM_REQ_MAY_BACKLOG, |
2c3f8b16 GBY |
296 | crypto_req_done, &ctx->wait); |
297 | err = crypto_wait_req(ctx->enc ? | |
2d97591e SM |
298 | crypto_aead_encrypt(&areq->cra_u.aead_req) : |
299 | crypto_aead_decrypt(&areq->cra_u.aead_req), | |
2c3f8b16 | 300 | &ctx->wait); |
400c40cf SM |
301 | } |
302 | ||
d887c52d SM |
303 | /* AIO operation in progress */ |
304 | if (err == -EINPROGRESS) { | |
305 | sock_hold(sk); | |
400c40cf | 306 | |
d887c52d SM |
307 | /* Remember output size that will be generated. */ |
308 | areq->outlen = outlen; | |
309 | ||
310 | return -EIOCBQUEUED; | |
83094e5e | 311 | } |
d887c52d SM |
312 | |
313 | free: | |
2d97591e SM |
314 | af_alg_free_areq_sgls(areq); |
315 | sock_kfree_s(sk, areq, areq->areqlen); | |
400c40cf SM |
316 | |
317 | return err ? err : outlen; | |
318 | } | |
319 | ||
d887c52d SM |
320 | static int aead_recvmsg(struct socket *sock, struct msghdr *msg, |
321 | size_t ignored, int flags) | |
83094e5e | 322 | { |
d887c52d SM |
323 | struct sock *sk = sock->sk; |
324 | int ret = 0; | |
325 | ||
326 | lock_sock(sk); | |
327 | while (msg_data_left(msg)) { | |
328 | int err = _aead_recvmsg(sock, msg, ignored, flags); | |
329 | ||
330 | /* | |
331 | * This error covers -EIOCBQUEUED which implies that we can | |
332 | * only handle one AIO request. If the caller wants to have | |
333 | * multiple AIO requests in parallel, he must make multiple | |
334 | * separate AIO calls. | |
5703c826 SM |
335 | * |
336 | * Also return the error if no data has been processed so far. | |
d887c52d SM |
337 | */ |
338 | if (err <= 0) { | |
5703c826 | 339 | if (err == -EIOCBQUEUED || err == -EBADMSG || !ret) |
d887c52d SM |
340 | ret = err; |
341 | goto out; | |
342 | } | |
343 | ||
344 | ret += err; | |
345 | } | |
346 | ||
347 | out: | |
2d97591e | 348 | af_alg_wmem_wakeup(sk); |
d887c52d SM |
349 | release_sock(sk); |
350 | return ret; | |
83094e5e TS |
351 | } |
352 | ||
400c40cf SM |
353 | static struct proto_ops algif_aead_ops = { |
354 | .family = PF_ALG, | |
355 | ||
356 | .connect = sock_no_connect, | |
357 | .socketpair = sock_no_socketpair, | |
358 | .getname = sock_no_getname, | |
359 | .ioctl = sock_no_ioctl, | |
360 | .listen = sock_no_listen, | |
361 | .shutdown = sock_no_shutdown, | |
362 | .getsockopt = sock_no_getsockopt, | |
363 | .mmap = sock_no_mmap, | |
364 | .bind = sock_no_bind, | |
365 | .accept = sock_no_accept, | |
366 | .setsockopt = sock_no_setsockopt, | |
367 | ||
368 | .release = af_alg_release, | |
369 | .sendmsg = aead_sendmsg, | |
2d97591e | 370 | .sendpage = af_alg_sendpage, |
400c40cf | 371 | .recvmsg = aead_recvmsg, |
2d97591e | 372 | .poll = af_alg_poll, |
400c40cf SM |
373 | }; |
374 | ||
2a2a251f SM |
375 | static int aead_check_key(struct socket *sock) |
376 | { | |
377 | int err = 0; | |
378 | struct sock *psk; | |
379 | struct alg_sock *pask; | |
380 | struct aead_tfm *tfm; | |
381 | struct sock *sk = sock->sk; | |
382 | struct alg_sock *ask = alg_sk(sk); | |
383 | ||
384 | lock_sock(sk); | |
385 | if (ask->refcnt) | |
386 | goto unlock_child; | |
387 | ||
388 | psk = ask->parent; | |
389 | pask = alg_sk(ask->parent); | |
390 | tfm = pask->private; | |
391 | ||
392 | err = -ENOKEY; | |
393 | lock_sock_nested(psk, SINGLE_DEPTH_NESTING); | |
394 | if (!tfm->has_key) | |
395 | goto unlock; | |
396 | ||
397 | if (!pask->refcnt++) | |
398 | sock_hold(psk); | |
399 | ||
400 | ask->refcnt = 1; | |
401 | sock_put(psk); | |
402 | ||
403 | err = 0; | |
404 | ||
405 | unlock: | |
406 | release_sock(psk); | |
407 | unlock_child: | |
408 | release_sock(sk); | |
409 | ||
410 | return err; | |
411 | } | |
412 | ||
413 | static int aead_sendmsg_nokey(struct socket *sock, struct msghdr *msg, | |
414 | size_t size) | |
415 | { | |
416 | int err; | |
417 | ||
418 | err = aead_check_key(sock); | |
419 | if (err) | |
420 | return err; | |
421 | ||
422 | return aead_sendmsg(sock, msg, size); | |
423 | } | |
424 | ||
425 | static ssize_t aead_sendpage_nokey(struct socket *sock, struct page *page, | |
426 | int offset, size_t size, int flags) | |
427 | { | |
428 | int err; | |
429 | ||
430 | err = aead_check_key(sock); | |
431 | if (err) | |
432 | return err; | |
433 | ||
2d97591e | 434 | return af_alg_sendpage(sock, page, offset, size, flags); |
2a2a251f SM |
435 | } |
436 | ||
437 | static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg, | |
438 | size_t ignored, int flags) | |
439 | { | |
440 | int err; | |
441 | ||
442 | err = aead_check_key(sock); | |
443 | if (err) | |
444 | return err; | |
445 | ||
446 | return aead_recvmsg(sock, msg, ignored, flags); | |
447 | } | |
448 | ||
449 | static struct proto_ops algif_aead_ops_nokey = { | |
450 | .family = PF_ALG, | |
451 | ||
452 | .connect = sock_no_connect, | |
453 | .socketpair = sock_no_socketpair, | |
454 | .getname = sock_no_getname, | |
455 | .ioctl = sock_no_ioctl, | |
456 | .listen = sock_no_listen, | |
457 | .shutdown = sock_no_shutdown, | |
458 | .getsockopt = sock_no_getsockopt, | |
459 | .mmap = sock_no_mmap, | |
460 | .bind = sock_no_bind, | |
461 | .accept = sock_no_accept, | |
462 | .setsockopt = sock_no_setsockopt, | |
463 | ||
464 | .release = af_alg_release, | |
465 | .sendmsg = aead_sendmsg_nokey, | |
466 | .sendpage = aead_sendpage_nokey, | |
467 | .recvmsg = aead_recvmsg_nokey, | |
2d97591e | 468 | .poll = af_alg_poll, |
2a2a251f SM |
469 | }; |
470 | ||
400c40cf SM |
471 | static void *aead_bind(const char *name, u32 type, u32 mask) |
472 | { | |
2a2a251f SM |
473 | struct aead_tfm *tfm; |
474 | struct crypto_aead *aead; | |
72548b09 | 475 | struct crypto_skcipher *null_tfm; |
2a2a251f SM |
476 | |
477 | tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); | |
478 | if (!tfm) | |
479 | return ERR_PTR(-ENOMEM); | |
480 | ||
481 | aead = crypto_alloc_aead(name, type, mask); | |
482 | if (IS_ERR(aead)) { | |
483 | kfree(tfm); | |
484 | return ERR_CAST(aead); | |
485 | } | |
486 | ||
72548b09 SM |
487 | null_tfm = crypto_get_default_null_skcipher2(); |
488 | if (IS_ERR(null_tfm)) { | |
489 | crypto_free_aead(aead); | |
490 | kfree(tfm); | |
491 | return ERR_CAST(null_tfm); | |
492 | } | |
493 | ||
2a2a251f | 494 | tfm->aead = aead; |
72548b09 | 495 | tfm->null_tfm = null_tfm; |
2a2a251f SM |
496 | |
497 | return tfm; | |
400c40cf SM |
498 | } |
499 | ||
500 | static void aead_release(void *private) | |
501 | { | |
2a2a251f SM |
502 | struct aead_tfm *tfm = private; |
503 | ||
504 | crypto_free_aead(tfm->aead); | |
505 | kfree(tfm); | |
400c40cf SM |
506 | } |
507 | ||
508 | static int aead_setauthsize(void *private, unsigned int authsize) | |
509 | { | |
2a2a251f SM |
510 | struct aead_tfm *tfm = private; |
511 | ||
512 | return crypto_aead_setauthsize(tfm->aead, authsize); | |
400c40cf SM |
513 | } |
514 | ||
515 | static int aead_setkey(void *private, const u8 *key, unsigned int keylen) | |
516 | { | |
2a2a251f SM |
517 | struct aead_tfm *tfm = private; |
518 | int err; | |
519 | ||
520 | err = crypto_aead_setkey(tfm->aead, key, keylen); | |
521 | tfm->has_key = !err; | |
522 | ||
523 | return err; | |
400c40cf SM |
524 | } |
525 | ||
526 | static void aead_sock_destruct(struct sock *sk) | |
527 | { | |
528 | struct alg_sock *ask = alg_sk(sk); | |
2d97591e | 529 | struct af_alg_ctx *ctx = ask->private; |
d887c52d SM |
530 | struct sock *psk = ask->parent; |
531 | struct alg_sock *pask = alg_sk(psk); | |
532 | struct aead_tfm *aeadc = pask->private; | |
533 | struct crypto_aead *tfm = aeadc->aead; | |
534 | unsigned int ivlen = crypto_aead_ivsize(tfm); | |
400c40cf | 535 | |
2d97591e | 536 | af_alg_pull_tsgl(sk, ctx->used, NULL, 0); |
72548b09 | 537 | crypto_put_default_null_skcipher2(); |
400c40cf SM |
538 | sock_kzfree_s(sk, ctx->iv, ivlen); |
539 | sock_kfree_s(sk, ctx, ctx->len); | |
540 | af_alg_release_parent(sk); | |
541 | } | |
542 | ||
2a2a251f | 543 | static int aead_accept_parent_nokey(void *private, struct sock *sk) |
400c40cf | 544 | { |
2d97591e | 545 | struct af_alg_ctx *ctx; |
400c40cf | 546 | struct alg_sock *ask = alg_sk(sk); |
2a2a251f SM |
547 | struct aead_tfm *tfm = private; |
548 | struct crypto_aead *aead = tfm->aead; | |
d887c52d | 549 | unsigned int len = sizeof(*ctx); |
2a2a251f | 550 | unsigned int ivlen = crypto_aead_ivsize(aead); |
400c40cf SM |
551 | |
552 | ctx = sock_kmalloc(sk, len, GFP_KERNEL); | |
553 | if (!ctx) | |
554 | return -ENOMEM; | |
555 | memset(ctx, 0, len); | |
556 | ||
557 | ctx->iv = sock_kmalloc(sk, ivlen, GFP_KERNEL); | |
558 | if (!ctx->iv) { | |
559 | sock_kfree_s(sk, ctx, len); | |
560 | return -ENOMEM; | |
561 | } | |
562 | memset(ctx->iv, 0, ivlen); | |
563 | ||
d887c52d | 564 | INIT_LIST_HEAD(&ctx->tsgl_list); |
400c40cf SM |
565 | ctx->len = len; |
566 | ctx->used = 0; | |
d887c52d | 567 | ctx->rcvused = 0; |
400c40cf SM |
568 | ctx->more = 0; |
569 | ctx->merge = 0; | |
570 | ctx->enc = 0; | |
400c40cf | 571 | ctx->aead_assoclen = 0; |
2c3f8b16 | 572 | crypto_init_wait(&ctx->wait); |
400c40cf SM |
573 | |
574 | ask->private = ctx; | |
575 | ||
400c40cf SM |
576 | sk->sk_destruct = aead_sock_destruct; |
577 | ||
578 | return 0; | |
579 | } | |
580 | ||
2a2a251f SM |
581 | static int aead_accept_parent(void *private, struct sock *sk) |
582 | { | |
583 | struct aead_tfm *tfm = private; | |
584 | ||
585 | if (!tfm->has_key) | |
586 | return -ENOKEY; | |
587 | ||
588 | return aead_accept_parent_nokey(private, sk); | |
589 | } | |
590 | ||
400c40cf SM |
591 | static const struct af_alg_type algif_type_aead = { |
592 | .bind = aead_bind, | |
593 | .release = aead_release, | |
594 | .setkey = aead_setkey, | |
595 | .setauthsize = aead_setauthsize, | |
596 | .accept = aead_accept_parent, | |
2a2a251f | 597 | .accept_nokey = aead_accept_parent_nokey, |
400c40cf | 598 | .ops = &algif_aead_ops, |
2a2a251f | 599 | .ops_nokey = &algif_aead_ops_nokey, |
400c40cf SM |
600 | .name = "aead", |
601 | .owner = THIS_MODULE | |
602 | }; | |
603 | ||
604 | static int __init algif_aead_init(void) | |
605 | { | |
606 | return af_alg_register_type(&algif_type_aead); | |
607 | } | |
608 | ||
609 | static void __exit algif_aead_exit(void) | |
610 | { | |
611 | int err = af_alg_unregister_type(&algif_type_aead); | |
612 | BUG_ON(err); | |
613 | } | |
614 | ||
615 | module_init(algif_aead_init); | |
616 | module_exit(algif_aead_exit); | |
617 | MODULE_LICENSE("GPL"); | |
618 | MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>"); | |
619 | MODULE_DESCRIPTION("AEAD kernel crypto API user space interface"); |